US9967289B2 (Active, Utility)

Client services for applied key management systems and processes

Assignee: FORNETIX LLC
Priority: Mar 12, 2015
Filed: Mar 11, 2016
Granted: May 8, 2018
Estimated expiry: Mar 12, 2035 (nominal 20-year term from priority)
Inventors: Charles White, Stephen Edwards
CPC: H04L 63/20, G06F 21/602, H04L 63/061
Cited by: 18 | References: 72 | Claims: 21

Abstract

Embodiments described herein relate to apparatuses and methods for enabling applied key management operations at a client including establishing a data connection with a file kernel driver of the client to enable the applied key management operation, receiving a request pertaining to encryption key data, relaying the request pertaining to the encryption key data to an applied key management system, and receiving a response regarding the request from the applied key management system based on at least one policy of the applied key management system.

Claims

What is claimed is:

1. A method for enabling an applied key management operation at a client, the method comprising:
establishing a data connection with a file kernel driver of the client to enable the applied key management operation;
receiving from the file kernel driver a request pertaining to encryption key data;
relaying the request pertaining to the encryption key data to an applied key management system; and
receiving a response to the request from the applied key management system based on at least one policy of the applied key management system,
wherein the file kernel driver is configured to substitute a key file with a link to invoke the applied key management operation; and
wherein the link to invoke the applied key management operation causes the applied key management operation to be executed in response to a file access operation being executed on an encryption key material.

2. The method of claim 1, wherein the request comprises a request to register the encryption key data with the applied key management system.

3. The method of claim 1, wherein the request comprises a request to send the encryption key data.

4. The method of claim 3, further comprising:
retrieving the encryption key data from a local key store at the client; and
sending the encryption key data.

5. The method of claim 1, wherein the request comprises a request for recertification or for rekeying.

6. The method of claim 1, wherein the encryption key data comprises one of a certificate, a key store, a symmetric key, or an asymmetric key.

7. The method of claim 1, further comprising:
receiving a key that complies with the at least one policy from the applied key management server; and
relaying the key to an application plugin at the client for data encryption.

8. The method of claim 1, further comprising closing the connection with the file kernel driver after receiving the response from the applied key management system.

9. The method of claim 1, wherein the established connection with the file kernel driver is a Netlink connection.

10. The method of claim 1, wherein the response comprises a denial of the request based on the at least one policy of the applied key management system.

11. A system for enabling applied key management operations at a client, the system comprising:
a memory; and
a processor configured to:
establish a data connection with a file kernel driver of the client to enable the applied key management operation;
receive a request pertaining to encryption key data;
relay the request pertaining to the encryption key data to an applied key management system; and
receive a response to the request from the applied key management system based on at least one policy of the applied key management system,
wherein the file kernel driver is configured to substitute a key file with a link to invoke the applied key management operation; and
wherein the link to invoke the applied key management operation causes the applied key management operation to be executed in response to a file access operation being executed on an encryption key material.

12. The system of claim 11, wherein the request comprises a request to register the encryption key data with the applied key management system.

13. The system of claim 11, wherein the request comprises a request to send the encryption key data.

14. The system of claim 13, wherein the processor is further configured to:
retrieve the encryption key data from a local key store at the client; and
send the encryption key data.

15. The system of claim 11, wherein the request comprises a request for recertification or for rekeying.

16. The system of claim 11, wherein the encryption key data comprises one of a certificate, a key store, a symmetric key, or an asymmetric key.

17. The system of claim 1, wherein the processor is further configured to:
receive a key that complies with the at least one policy from the applied key management server; and
relay the key to an application plugin at the client for data encryption.

18. The system of claim 17, wherein the processor is further configured to close the connection with the file kernel driver after receiving the response from the applied key management system.

19. The system method of claim 17, wherein the established connection with the file kernel driver is a Netlink connection.

20. The system of claim 11, wherein the response comprises a denial of the request based on the at least one policy of the applied key management system.

21. The method of claim 1, wherein the applied key management operation comprises at least one of:
opening a Netlink connection with the file kernel driver, when the file access operation is an Open operation;
retrieving encryption key information, when the file access operation is a Read operation;
registering encryption key information, when the file access operation is a Write operation; or
closing the Netlink connection with the file kernel driver, when the file access operation is a Close operation.
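The client-side flow described in claims 1, 4, 10 and 21 (Open/Read/Write/Close on key material mapped to connect, send, register and disconnect, each request relayed to a policy-enforcing key management system that may deny it) as a constructed Python model. This is an added illustration, not code from the patent or from Fornetix; the Netlink session with the file kernel driver is simulated by a flag, and the policy, key names and key types are hypothetical.

```python
from dataclasses import dataclass, field

# Hypothetical policy: key types the AKM system will release to a client,
# and key types it will accept for registration.
@dataclass(frozen=True)
class Policy:
    releasable: frozenset
    registrable: frozenset

@dataclass
class AKMSystem:
    """Stand-in for the applied key management system; it applies the policy
    to every relayed request and answers allow or deny (claim 10)."""
    policy: Policy
    registered: dict = field(default_factory=dict)   # name -> key_type

    def handle(self, request: dict) -> dict:
        kind, key_type = request["kind"], request["key_type"]
        if kind == "send" and key_type in self.policy.releasable:
            return {"status": "allow"}
        if kind == "register" and key_type in self.policy.registrable:
            self.registered[request["name"]] = key_type
            return {"status": "allow"}
        return {"status": "deny", "reason": f"policy forbids {kind} of {key_type}"}

@dataclass
class ClientService:
    """Client service: holds the (simulated) Netlink session with the file
    kernel driver and relays its key requests to the AKM system."""
    akm: AKMSystem
    local_store: dict            # name -> (key_type, key_bytes), constructed
    connected: bool = False

    def on_file_access(self, op: str, name: str) -> dict:
        if op == "open":                      # Open -> establish the connection
            self.connected = True
            return {"status": "allow"}
        if not self.connected:                # driver never opened a session
            return {"status": "deny", "reason": "no connection to file kernel driver"}
        if op == "close":                     # Close -> tear the connection down
            self.connected = False
            return {"status": "allow"}
        if name not in self.local_store:
            return {"status": "deny", "reason": f"{name} not in local key store"}
        key_type, key_bytes = self.local_store[name]
        kind = {"read": "send", "write": "register"}[op]   # Read/Write mapping
        resp = self.akm.handle({"kind": kind, "name": name, "key_type": key_type})
        if kind == "send" and resp["status"] == "allow":
            resp["key"] = key_bytes           # released only after the policy check
        return resp
```

The key bytes never leave the local store on a denied or unconnected request, which is the property a defender wants to verify when auditing such a client.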
